Having problems removing Altnet spyware

We're having trouble removing HKEY_LOCAL_MACHINE:software\altnet\. We've updated and run Adaware, and even tried to remove it manually, but it won't allow us to delete it. Our computer has been running really sluggishly lately and we think this might be the culprit. Any advice?

We run XP Pro.

 

Hi Cindy,

Here is the cut & paste Standard Boilerplate

Generally, it is a good idea to start with the Cleanup Tutorial HERE:
READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan and Virus Removal

This will remove a lot of stuff that would otherwise clog a HJT log.

Please let us know the steps that you are able to complete and the ones that give you problems. Note that you need to be in Safe Mode with System Restore OFF (if you have it - you didn't give OS) and have the Viewing of Hidden Files ENABLED as per the instructions in the link. Make sure to do the Online Scans.

Post back and let us know how you fared. Also, send us a HijackThis Log. Be sure to follow the instructions below:

Note that your HijackThis should be up-to-date (v1.98.2) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!

If you need a Fresh Download of HJT, get it HERE: HijackThis 1.98.2

Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

I am tied up these days, but somebody will take a look when they get a chance.

Best luck
PP

 

Thanks guys, we'll get back to you.

Eric

 

Okay,here are my results, weeks later! I've been busy.

I ran everything, I"m clean, except for the Altnet spyware which we can't remove.

Here's my hijack this log.

 

I thought I did extract it to it's own folder, but anyway....
As for the host file, I had tried adding my own entries to the hosts, but I never got any further.

Ad-Aware SE found this. I have deleted it, both in normal and safe mode, and it doesn't really delete it, it's still there after I "delete" it.

We went to the Registry and tried deleting it that way, and it won't let us.

Hope this helps.

 

D'oh! I tried to go to it, and it said it was down, and I forgot to go back and try it again. I'll try right now.

edit: Nope, still down.

 

Man, sorry, it was 2 am.....

Yes, tried to delete the registry entry in both normal and safe mode, I guess I'm logged in with Admin priviledges, I'm logged in as Eric, but I have full priviledges. I didn't enable any filter capability in HJT, but I'll make sure I'm running it correctly.

When I ran Spybot, I got the following error:

Error during check!: Z-Demon (Ungültiger Datentyp für '') ()

It has that and the DSO exploits, but it stops the check. I may try uninstalling and reinstalling it, and running it.

 

Hey Chaslang,
Thanks alot for all the help and time you're giving me. I just noticed your title, guess I'm talking to the right person!

Okay, I ran HJT in normal mode, as the instructions said, but I can run it again just to see what else comes up.

Ad-Aware SE was what found the altnet spyware file, and it only found one registry entry. With repeated scans and deletes, the file just keeps showing up.

I downloaded the DSO exploit fix, and voila, Spybot was able to complete the scan without the weird "Error during check!: Z-Demon (Ungültiger Datentyp für '' message, and it found 115 problems. However, none of them were the altnet problem. I will run ad-aware again to see what it now finds.

I've been using Spybots Immunization, but it had been awhile since I last updated the immunization, so 169 additional products are now blocked. I also run SpywareBlaster and update it regularlly.

I'll run another HJT in normal, just to be sure and get back to you. I also may need a walk through to delete those entries from the hosts file, it's been awhile since I was there, and I'm afraid I won't remember how to do it.

And thanks again, I really appreciate the time you've taken for me.

Eric

 

Okay, AltnetBDE is still alive and well. Now I'll run HJT.

 

Okay, here tis. I'm wondering about removing

• both 01s (the host file entries)
• 02, the Acroreader helper, (I don't think it's necessary but I'm not sure)
• 016 Symantec Antivirus scanner (I run avast, not symantec)
• 016 Symantec Utility class
• 016 Housecall control

I think the symantec and housecall are left over from the online scans I did

What are your thoughts? And why doesn't this lousy altnet thing show up?

 

Hey, If your having problems removing Alnet & BDE I would recommend using KazaaBegone 1.25 and BDE Remove. I have used these tools on several machines and never ran into a problem. This program removes all spyware that comes along with KaZaa including Alnet & BDE as well as others, so Its worth a try.

 

I used KazaaBegone, but I will give BDE remove a try. Thanks for the heads up.

Eric

edit: I ran it, and it didn't find anything.

 

Ok, Was you using KazaaBegone 1.10 because that version has a bug in it that can break you internet, just making sure you was using the updated new version KazaaBegone 1.25

edit: There is a control panel icon for BDE, To remove this go into the C:\WINDOWS\system32 directory and remove the file "bdeadmin.cpl"

 

SUCCESS!! Chaslang, you the man!!

I went into the permissions like you suggested, but I couldn't get it to delete, even after taking ownership of it. But I saw who the previous owner was, went into that persons account, and deleted the key easy as pie! I ran Ad-Aware and confirmed that the key was gone.

BTW, I didn't understand your question at first, but it did indeed have subkeys Dashboard and one key under Dashboard whose name I can't remember.

This thing was a headache. Thanks a bunch for all your help.

Eric

 

I'm not sure if it is proper protocol to ask the same question under the same thread. But I was having the same problem as Eric, I followed all the steps right up to the end, the permissions was the problem.

HKEY_LOCAL_MACHINE\SOFTWARE\altnet\dashboard\settings
This key has no permissions, and no one set to owner, and I can't add anyone as owner... I'm kinda stuck here, I don't go into the registry unless I have no choice. So if anyone could tell me if I'm completely screwed here or if there is something I can do about it please let me know.